CA2829104C - Method and system for dynamic platform security in a device operating system - Google Patents

Method and system for dynamic platform security in a device operating system Download PDF

Info

Publication number
CA2829104C
CA2829104C CA2829104A CA2829104A CA2829104C CA 2829104 C CA2829104 C CA 2829104C CA 2829104 A CA2829104 A CA 2829104A CA 2829104 A CA2829104 A CA 2829104A CA 2829104 C CA2829104 C CA 2829104C
Authority
CA
Canada
Prior art keywords
application
application software
software
secure
agent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA2829104A
Other languages
English (en)
French (fr)
Other versions
CA2829104A1 (en
Inventor
Paul LITVA
David Jones
Ron Vandergeest
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Irdeto BV
Original Assignee
Irdeto BV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Irdeto BV filed Critical Irdeto BV
Publication of CA2829104A1 publication Critical patent/CA2829104A1/en
Application granted granted Critical
Publication of CA2829104C publication Critical patent/CA2829104C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CA2829104A 2011-03-09 2011-03-09 Method and system for dynamic platform security in a device operating system Expired - Fee Related CA2829104C (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2011/050135 WO2012119218A1 (en) 2011-03-09 2011-03-09 Method and system for dynamic platform security in a device operating system

Publications (2)

Publication Number Publication Date
CA2829104A1 CA2829104A1 (en) 2012-09-13
CA2829104C true CA2829104C (en) 2019-01-15

Family

ID=46797349

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2829104A Expired - Fee Related CA2829104C (en) 2011-03-09 2011-03-09 Method and system for dynamic platform security in a device operating system

Country Status (7)

Country Link
US (2) US9635048B2 (de)
EP (1) EP2684152B1 (de)
CN (1) CN103827881B (de)
AU (1) AU2011361577B2 (de)
CA (1) CA2829104C (de)
WO (1) WO2012119218A1 (de)
ZA (1) ZA201307336B (de)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104335220B (zh) 2012-03-30 2018-04-20 爱迪德技术有限公司 用于防止和检测安全威胁的方法和系统
WO2013168148A2 (en) 2012-05-08 2013-11-14 Serentic Ltd. A method for dynamic generation and modification of an electronic entity architecture
CN103310149B (zh) 2013-05-27 2018-06-26 华为终端(东莞)有限公司 系统功能调用的方法、装置及终端
US20150019852A1 (en) * 2013-07-12 2015-01-15 International Games System Co., Ltd. Verification method for system execution environment
US9323929B2 (en) * 2013-11-26 2016-04-26 Qualcomm Incorporated Pre-identifying probable malicious rootkit behavior using behavioral contracts
DE102014206006A1 (de) * 2014-03-31 2015-10-01 Siemens Aktiengesellschaft Verfahren und Vorrichtung zum Manipulationsschutz einer Recheneinrichtung
CN105278969A (zh) * 2014-06-16 2016-01-27 腾讯科技(深圳)有限公司 一种应用程序的代码验证方法及系统
KR102337990B1 (ko) * 2014-09-18 2021-12-13 삼성전자주식회사 권한 설정 토큰을 이용하는 전자 장치
US9646154B2 (en) * 2014-12-12 2017-05-09 Microsoft Technology Licensing, Llc Return oriented programming (ROP) attack protection
US10943014B2 (en) 2015-10-01 2021-03-09 Twistlock, Ltd Profiling of spawned processes in container images and enforcing security policies respective thereof
US10922418B2 (en) 2015-10-01 2021-02-16 Twistlock, Ltd. Runtime detection and mitigation of vulnerabilities in application software containers
US10915628B2 (en) 2015-10-01 2021-02-09 Twistlock, Ltd. Runtime detection of vulnerabilities in an application layer of software containers
US10664590B2 (en) 2015-10-01 2020-05-26 Twistlock, Ltd. Filesystem action profiling of containers and security enforcement
US10223534B2 (en) 2015-10-15 2019-03-05 Twistlock, Ltd. Static detection of vulnerabilities in base images of software containers
US10778446B2 (en) * 2015-10-15 2020-09-15 Twistlock, Ltd. Detection of vulnerable root certificates in software containers
KR101703826B1 (ko) * 2015-10-23 2017-02-08 한국전자통신연구원 스마트 기기 대상 비인가 행위 기반 플래시 메모리 내부의 데이터 보호 장치 및 방법
CN106878233B (zh) * 2015-12-10 2020-11-10 联芯科技有限公司 安全数据的读取方法、安全服务器、终端及系统
US10146681B2 (en) 2015-12-24 2018-12-04 Intel Corporation Non-uniform memory access latency adaptations to achieve bandwidth quality of service
US10409600B1 (en) * 2016-01-25 2019-09-10 Apple Inc. Return-oriented programming (ROP)/jump oriented programming (JOP) attack protection
US10275365B1 (en) 2016-03-21 2019-04-30 Apple Inc. Cryptographic signatures for capability-based addressing
JP6697416B2 (ja) * 2016-07-07 2020-05-20 信越化学工業株式会社 レジスト下層膜材料、パターン形成方法、レジスト下層膜形成方法、及びレジスト下層膜材料用化合物
US10216934B2 (en) 2016-07-18 2019-02-26 Crowdstrike, Inc. Inferential exploit attempt detection
US10778654B2 (en) 2016-09-16 2020-09-15 Arris Enterprises Llc Method and apparatus for protecting confidential data in an open software stack
KR102667438B1 (ko) * 2017-01-25 2024-05-20 삼성전자주식회사 전자 장치 및 전자 장치의 데이터 관리 방법
US9785519B1 (en) * 2017-02-16 2017-10-10 Red Hat Israel, Ltd. Driver switch for device error recovery for assigned devices
US10346612B1 (en) * 2017-06-19 2019-07-09 Architecture Technology Corporation Computer network defense training on operational networks using software agents
EP3646220B1 (de) 2017-06-29 2023-06-07 Hewlett-Packard Development Company, L.P. Überwachung von computervorrichtungen über agent-anwendungen
CN107368343B (zh) * 2017-08-21 2021-03-26 创维集团智能科技有限公司 一种基于安卓系统的终端开机方法、终端及存储介质
US10990679B2 (en) * 2018-05-07 2021-04-27 Mcafee, Llc Methods, systems, articles of manufacture and apparatus to verify application permission safety
US20190362066A1 (en) * 2018-05-25 2019-11-28 Microsoft Technology Licensing, Llc Accessing secure system resources by low privilege processes
NL2022559B1 (en) * 2019-02-12 2020-08-28 Univ Delft Tech Secure integrated circuit architecture
EP3696698A1 (de) * 2019-02-18 2020-08-19 Verimatrix Verfahren zum schutz eines softwareprogramms vor manipulation
CN113692583A (zh) * 2020-03-06 2021-11-23 华为技术有限公司 电子装置和安全防护方法
US11409846B2 (en) 2021-01-14 2022-08-09 Safelishare, Inc. User controlled trusted and isolated computing environments
CA3221836A1 (en) * 2021-07-28 2023-02-02 Louis A. Steinberg Methods for managing software supply chain risk through declared intent
US12562918B2 (en) 2022-06-22 2026-02-24 Apple Inc. Pointer authentication
US12481763B2 (en) 2023-12-06 2025-11-25 Nxp B.V. System and method for regulating access to secure functions
CN118378256A (zh) * 2024-02-01 2024-07-23 深圳赋乐科技集团有限公司 一种Android应用可信环境检测方法、装置、设备及存储介质

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7086086B2 (en) * 1999-02-27 2006-08-01 Alonzo Ellis System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
WO2000072149A1 (en) 1999-05-25 2000-11-30 Motorola Inc. Pre-verification of applications in mobile computing
US7774838B2 (en) 2001-02-14 2010-08-10 Tricerat, Inc. Thorough operation restriction
US7827611B2 (en) * 2001-08-01 2010-11-02 Mcafee, Inc. Malware scanning user interface for wireless devices
JP2003114806A (ja) * 2001-10-04 2003-04-18 Hitachi Ltd Os更新方法及びセキュリティ制御方法並びにその実施装置
US7103914B2 (en) * 2002-06-17 2006-09-05 Bae Systems Information Technology Llc Trusted computer system
CA2496664C (en) 2002-08-23 2015-02-17 Exit-Cube, Inc. Encrypting operating system
US7434259B2 (en) * 2002-10-21 2008-10-07 Microsoft Corporation Method for prompting a user to install and execute an unauthenticated computer application
DE10252347A1 (de) * 2002-11-11 2004-05-19 Giesecke & Devrient Gmbh Überwachte Unterprogrammausführung
US7149900B2 (en) * 2002-12-12 2006-12-12 Intel Corporation Method of defending software from debugger attacks
US7546587B2 (en) 2004-03-01 2009-06-09 Microsoft Corporation Run-time call stack verification
JP2006053788A (ja) * 2004-08-12 2006-02-23 Ntt Docomo Inc ソフトウェア動作監視装置及びソフトウェア動作監視方法
US7631356B2 (en) * 2005-04-08 2009-12-08 Microsoft Corporation System and method for foreign code detection
US8839450B2 (en) * 2007-08-02 2014-09-16 Intel Corporation Secure vault service for software components within an execution environment
US7669242B2 (en) * 2005-06-30 2010-02-23 Intel Corporation Agent presence monitor configured to execute in a secure environment
US20070050848A1 (en) * 2005-08-31 2007-03-01 Microsoft Corporation Preventing malware from accessing operating system services
US7516112B1 (en) * 2006-03-24 2009-04-07 Sandia Corporation Flexible, secure agent development framework
CN101127634B (zh) * 2006-08-15 2010-10-20 华为技术有限公司 一种移动台安全更新升级的方法及其系统
US8468244B2 (en) * 2007-01-05 2013-06-18 Digital Doors, Inc. Digital information infrastructure and method for security designated data and with granular data stores
US8254568B2 (en) * 2007-01-07 2012-08-28 Apple Inc. Secure booting a computing device
US8127412B2 (en) * 2007-03-30 2012-03-06 Cisco Technology, Inc. Network context triggers for activating virtualized computer applications
CN101335746A (zh) * 2007-06-29 2008-12-31 国际商业机器公司 保护软件系统的完整性的安全设备和方法及其系统
US20100083381A1 (en) * 2008-09-30 2010-04-01 Khosravi Hormuzd M Hardware-based anti-virus scan service
US7979844B2 (en) * 2008-10-14 2011-07-12 Edss, Inc. TICC-paradigm to build formally verified parallel software for multi-core chips
US8171547B2 (en) * 2008-12-03 2012-05-01 Trend Micro Incorporated Method and system for real time classification of events in computer integrity system
US8606911B2 (en) * 2009-03-02 2013-12-10 Headwater Partners I Llc Flow tagging for service policy implementation
US8635705B2 (en) * 2009-09-25 2014-01-21 Intel Corporation Computer system and method with anti-malware
US8539584B2 (en) * 2010-08-30 2013-09-17 International Business Machines Corporation Rootkit monitoring agent built into an operating system kernel
US9087199B2 (en) * 2011-03-31 2015-07-21 Mcafee, Inc. System and method for providing a secured operating system execution environment
US9043903B2 (en) * 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent

Also Published As

Publication number Publication date
WO2012119218A8 (en) 2013-01-10
CN103827881B (zh) 2017-12-12
AU2011361577B2 (en) 2017-04-20
EP2684152A4 (de) 2014-08-20
US20150040224A1 (en) 2015-02-05
WO2012119218A1 (en) 2012-09-13
ZA201307336B (en) 2014-11-26
US20170302697A1 (en) 2017-10-19
EP2684152B1 (de) 2020-07-22
US9635048B2 (en) 2017-04-25
EP2684152A1 (de) 2014-01-15
CN103827881A (zh) 2014-05-28
US10333967B2 (en) 2019-06-25
CA2829104A1 (en) 2012-09-13
AU2011361577A1 (en) 2013-10-03

Similar Documents

Publication Publication Date Title
US12197566B2 (en) Method and system for preventing and detecting security threats
US10333967B2 (en) Method and system for dynamic platform security in a device operating system
KR101158184B1 (ko) 클라이언트 플랫폼들 상의 콘텐츠 보호
JP5378460B2 (ja) 状態検証を使用した保護されたオペレーティングシステムブートのためのシステムおよび方法
US20160004859A1 (en) Method and system for platform and user application security on a device
Dive-Reclus et al. SYMBIAN OS PLATFORM SECURITY ARCHITECTURE

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20160203

MKLA Lapsed

Effective date: 20210909

MKLA Lapsed

Effective date: 20200309